summary refs log tree commit diff
path: root/synapse/rest/client/v1/login.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Support 3PID login in password providers (#4931)Andrew Morgan2019-03-261-4/+45
| | | | | Adds a new method, check_3pid_auth, which gives password providers the chance to allow authentication with third-party identifiers such as email or msisdn.
* Add ratelimiting on login (#4821)Brendan Abolivier2019-03-151-0/+10
| | | Add two ratelimiters on login (per-IP address and per-userID).
* Fix registration on workers (#4682)Erik Johnston2019-02-201-2/+2
| | | | | | | | | | * Move RegistrationHandler init to HomeServer * Move post registration actions to RegistrationHandler * Add post regisration replication endpoint * Newsfile
* Move register_device into handlerErik Johnston2019-02-181-37/+22
|
* Return well_known in /login response (#4319)Richard van der Hoff2018-12-241-7/+11
| | | | ... as per MSC1730.
* Initialise user displayname from SAML2 data (#4272)Richard van der Hoff2018-12-071-0/+5
| | | | | When we register a new user from SAML2 data, initialise their displayname correctly.
* Factor SSO success handling out of CAS login (#4264)Richard van der Hoff2018-12-071-29/+76
| | | | This is mostly factoring out the post-CAS-login code to somewhere we can reuse it for other SSO flows, but it also fixes the userid mapping while we're at it.
* Rip out half-implemented m.login.saml2 support (#4265)Richard van der Hoff2018-12-061-67/+2
| | | | | | | | | | | | | * Rip out half-implemented m.login.saml2 support This was implemented in an odd way that left most of the work to the client, in a way that I really didn't understand. It's going to be a pain to maintain, so let's start by ripping it out. * drop undocumented dependency on dateutil It turns out we were relying on dateutil being pulled in transitively by pysaml2. There's no need for that bloat.
* Support m.login.sso (#4220)Richard van der Hoff2018-11-271-4/+9
| | | | | | | | | | | | | | | | | * Clean up the CSS for the fallback login form I was finding this hard to work with, so simplify a bunch of things. Each flow is now a form inside a div of class login_flow. The login_flow class now has a fixed width, as that looks much better than each flow having a differnt width. * Support m.login.sso MSC1721 renames m.login.cas to m.login.sso. This implements the change (retaining support for m.login.cas for older clients). * changelog
* Port rest/ to Python 3 (#3823)Amber Brown2018-09-121-22/+22
|
* run isortAmber Brown2018-07-091-17/+13
|
* Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-281-1/+2
|
* Use six.moves.urlparseAdrian Tschira2018-04-151-1/+1
| | | | | | The imports were shuffled around a bunch in py3 Signed-off-by: Adrian Tschira <nota@notafile.com>
* Better logging when login can't find a 3pidRichard van der Hoff2017-12-201-4/+10
|
* Allow password_auth_providers to return a callbackRichard van der Hoff2017-11-011-1/+4
| | | | ... so that they have a way to record access tokens.
* Merge pull request #2615 from matrix-org/rav/break_auth_device_depDavid Baker2017-11-011-3/+0
|\ | | | | Break dependency of auth_handler on device_handler
| * Break dependency of auth_handler on device_handlerRichard van der Hoff2017-11-011-3/+0
| | | | | | | | | | | | | | | | | | I'm going to need to make the device_handler depend on the auth_handler, so I need to break this dependency to avoid a cycle. It turns out that the auth_handler was only using the device_handler in one place which was an edge case which we can more elegantly handle by throwing an error rather than fixing it up.
* | Apparently this is pythonDavid Baker2017-11-011-1/+1
| |
* | Log login requestsDavid Baker2017-11-011-0/+10
|/ | | | Carefully though, to avoid logging passwords
* Refactor some logic from LoginRestServlet into AuthHandlerRichard van der Hoff2017-10-311-29/+26
| | | | | | | | | | | | | | I'm going to need some more flexibility in handling login types in password auth providers, so as a first step, move some stuff from LoginRestServlet into AuthHandler. In particular, we pass everything other than SAML, JWT and token logins down to the AuthHandler, which now has responsibility for checking the login type and fishing the password out of the login dictionary, as well as qualifying the user_id if need be. Ideally SAML, JWT and token would go that way too, but there's no real need for it right now and I'm trying to minimise impact. This commit *should* be non-functional.
* Remove pointless create() methodRichard van der Hoff2017-10-201-3/+3
| | | | | It just calls the constructor, so we may as well kill it rather than having random codepaths.
* Merge pull request #1997 from matrix-org/dbkr/cas_partialdownloadDavid Baker2017-03-151-1/+8
|\ | | | | Handle PartialDownloadError in CAS login
| * Handle PartialDownloadError in CAS loginDavid Baker2017-03-141-1/+8
| |
* | Support registration / login with phone numberDavid Baker2017-03-131-6/+82
|/ | | | Changes from https://github.com/matrix-org/synapse/pull/1971
* Revert "Support registration & login with phone number"Erik Johnston2017-03-131-82/+6
|
* Not any more, it doesn'tDavid Baker2017-03-081-1/+0
|
* Minor fixes from PR feedbackDavid Baker2017-03-081-1/+1
|
* Factor out msisdn canonicalisationDavid Baker2017-03-081-13/+5
| | | | Plus a couple of other minor fixes
* Fix pep8David Baker2017-03-081-3/+3
|
* Support new login formatDavid Baker2017-03-071-6/+91
| | | | https://docs.google.com/document/d/1-6ZSSW5YvCGhVFDyD2QExAUAdpCWjccvJT5xiyTTG2Y/edit#
* Fix email push in pusher workerErik Johnston2017-02-021-1/+4
| | | | | | This was broken when device list updates were implemented, as Mailer could no longer instantiate an AuthHandler due to a dependency on federation sending.
* Lowercase all email addresses before querying dbDavid Baker2017-01-181-1/+7
| | | | | Since we store all emails in the DB in lowercase (https://github.com/matrix-org/synapse/pull/1170)
* Stop generating refresh tokensRichard van der Hoff2016-11-281-18/+10
| | | | | | | Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins.
* Conform better to the CAS protocol specificationShell Turner2016-09-091-5/+2
| | | | | | | Redirect to CAS's /login endpoint properly, and don't require an <attributes> element. Signed-off-by: Shell Turner <cam.turn@gmail.com>
* Dont invoke get_handlers fromClientV1RestServletErik Johnston2016-08-121-0/+3
| | | | | | hs.get_handlers() can not be invoked from split out processes. Moving the invocations down a level means that we can slowly split out individual servlets.
* Merge pull request #995 from matrix-org/rav/clean_up_cas_loginDavid Baker2016-08-091-125/+33
|\ | | | | Clean up CAS login code
| * Clean up CAS login codeRichard van der Hoff2016-08-081-125/+33
| | | | | | | | | | | | | | Remove some apparently unused code. Clean up parse_cas_response, mostly to catch the exception if the CAS response isn't valid XML.
* | Fix CAS loginRichard van der Hoff2016-08-081-0/+1
|/ | | | Attempting to log in with CAS was giving a 500 error.
* Implement deleting devicesRichard van der Hoff2016-07-261-3/+10
|
* Add device_id support to /loginRichard van der Hoff2016-07-181-3/+36
| | | | | | | | | | | | | Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed.
* Refactor login flowRichard van der Hoff2016-07-181-18/+23
| | | | | | | | | | Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary.
* Split out the auth handlerDavid Baker2016-06-021-5/+6
|
* Make pyjwt dependency optionalErik Johnston2016-04-251-5/+7
|
* Fix issues with JWT loginNiklas Riekenbrauck2016-04-211-3/+6
|
* Add JWT supportNiklas Riekenbrauck2016-03-291-0/+53
|
* Add a parse_json_object functionMark Haines2016-03-091-13/+2
| | | | | to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions.
* Fix relative imports so they work in both py3 and py27Mark Haines2016-03-081-1/+1
|
* Use syntax that works on both py2.7 and py3Mark Haines2016-03-071-1/+1
|
* Fix to appease the PEP8 dragonGergely Polonkai2016-02-261-1/+3
|
* Add error codes for malformed/bad JSON in /loginGergely Polonkai2016-02-261-2/+2
| | | | Signed-off-by: Gergely Polonkai <gergely@polonkaieu>
* Catch the exceptions thrown by twisted when you write to a closed connectionMark Haines2016-02-121-4/+6
|
* Fix flake8 warnings for new flake8Daniel Wagner-Hall2016-02-021-1/+1
|
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* Expose /login under r0Richard van der Hoff2016-01-021-1/+1
| | | | The spec says /login should be available at r0 and 'unstable', so make it so.
* Update endpoints to reflect current specDaniel Wagner-Hall2015-12-021-1/+1
|
* Reuse a single http client, rather than creating new onesMark Haines2015-12-021-5/+2
|
* Host /unstable and /r0 versions of r0 APIsDaniel Wagner-Hall2015-12-011-6/+6
|
* CommentErik Johnston2015-11-201-0/+8
|
* Remove m.login.token from advertised flows.Erik Johnston2015-11-191-1/+2
|
* Snakes not camelsSteven Hammerton2015-11-111-5/+5
|
* Minor review fixesSteven Hammerton2015-11-111-13/+10
|
* Allow hs to do CAS login completely and issue the client with a login token ↵Steven Hammerton2015-11-051-1/+144
| | | | that can be redeemed for the usual successful login response
* Merge branch 'release-v0.10.1' of github.com:matrix-org/synapse into developErik Johnston2015-10-231-1/+7
|\
| * Add config option to disable password loginErik Johnston2015-10-221-1/+7
| |
* | Use 403 and message to match handlers/authKegan Dougal2015-10-211-3/+1
| |
* | Don't 500 when the email doesn't map to a valid user ID.Kegan Dougal2015-10-201-0/+4
| |
* | synapse.client.v1.login.LoginFallbackRestServlet and ↵Mark Haines2015-10-151-30/+0
|/ | | | synapse.client.v1.login.PasswordResetRestServlet are unused
* Add a comment to clarify why we split on closing curly brace when reading ↵Steven Hammerton2015-10-121-0/+5
| | | | CAS attribute tags
* Unpack dictionary in for loop for nicer syntaxSteven Hammerton2015-10-121-4/+4
|
* Remove not required parenthesisSteven Hammerton2015-10-121-1/+1
|
* Support multiple required attributes in CAS response, and in a nicer config ↵Steven Hammerton2015-10-121-7/+6
| | | | format too
* Allow optional config params for a required attribute and it's value, if ↵Steven Hammerton2015-10-121-1/+15
| | | | specified any CAS user must have the given attribute and the value must equal
* Parse both user and attributes from CAS responseSteven Hammerton2015-10-121-26/+38
|
* Raise LoginError if CasResponse doensn't contain userSteven Hammerton2015-10-101-1/+1
|
* Fix my broken line splittingSteven Hammerton2015-10-101-4/+6
|
* Use UserId to create FQ user idSteven Hammerton2015-10-101-1/+1
|
* Add get_raw method to SimpleHttpClient, use this in CAS auth rather than ↵Steven Hammerton2015-10-101-5/+8
| | | | requests
* Formatting changesSteven Hammerton2015-10-101-5/+12
|
* Provide ability to login using CASSteven Hammerton2015-10-101-1/+63
|
* Merge erikj/user_dedup to developDaniel Wagner-Hall2015-08-261-2/+3
|
* Return fully qualified user_id as per specDavid Baker2015-08-201-1/+1
|
* Merge branch 'develop' into refreshDaniel Wagner-Hall2015-08-201-4/+11
|\ | | | | | | | | Conflicts: synapse/rest/client/v1/login.py
| * Comma comma comma comma comma chameleonDavid Baker2015-08-201-1/+1
| |
| * Merge branch 'develop' into email_loginDavid Baker2015-08-201-3/+2
| |\
| * | Allow sign in using email addressDavid Baker2015-08-041-5/+12
| | |
* | | /tokenrefresh POST endpointDaniel Wagner-Hall2015-08-201-2/+4
| |/ |/| | | | | | | | | | | | | This allows refresh tokens to be exchanged for (access_token, refresh_token). It also starts issuing them on login, though no clients currently interpret them.
* | Simplify LoginHander and AuthHandlerDaniel Wagner-Hall2015-08-121-3/+2
|/ | | | | | | | | * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly
* Small tweaks to SAML2 configuration.Erik Johnston2015-07-101-4/+4
| | | | | - Add saml2 config docs to default config. - Use existence of saml2 config to indicate if saml2 should be enabled.
* Make SAML2 optional and add some references/commentsMuthu Subramanian2015-07-091-4/+9
|
* code beautifyMuthu Subramanian2015-07-091-9/+4
|
* code beautifyMuthu Subramanian2015-07-081-10/+23
|
* Integrate SAML2 basic authentication - uses pysaml2Muthu Subramanian2015-07-081-1/+61
|
* Blunty replace json with simplejsonErik Johnston2015-02-111-1/+1
|
* Extract the client v1 base RestServlet to a separate classMark Haines2015-01-231-4/+4
|
* Move rest APIs back under the rest directoryMark Haines2015-01-221-0/+109
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-12 16:49:21 +0000